Visit us at it-sa in Nuremberg from October 7 to 9. Get your free ticket now!

Home>

Myra Website Check

Sovereignty Check

Digital self-determination

Where does my data go? Check now!

Is your account, insurance, health or personal data really secure? Or can other parties access it? Use our free website checker to find out. The check shows if the websites of your bank, insurance company, healthcare provider, or local government are operated in accordance with European data protection regulations. Or whether your data ends up outside the EU.

 

Check whether your data is secure with just one click:

  1.  1. Enter the web address of your bank, insurance company, or city administration.

  2. 2. Start the check by selecting the “Scan” button.

  3. 3. Receive your individual results and recommendations.


Where does my data go?

How does my data end up abroad?

Imagine you are attending a large event such as a concert. You have your personal belongings with you in a bag – safely stowed away and protected from prying eyes. At the entrance check, you have to open the bag and show its contents. Security personal can inspect everything and check for possible dangers before you are allowed to enter.

The same applies to your data on the Internet: it is usually transmitted in encrypted form and is therefore protected against unauthorized access. But at a certain point – for example, at a content delivery network (CDN) – your data is decrypted and exposed before it is forwarded.

This is because, in order to detect and fend off attacks in encrypted data traffic, protection systems have to break the encryption for a short time. This process is called TLS termination and is comparable to a bag check.

The advantage: This check improves security. The risk: Whoever performs the check has full access to the contents of your bag or your data – and if this security provider is subject to non-European law, your data may end up with authorities outside the EU.

What does this mean for me?

It's a fact: as soon as a company or public authority uses cloud or CDN services from a non-European provider, there is a latent risk that foreign authorities will access your data, circumventing EU data protection regulations. This is particularly critical wherever sensitive information is processed.

The following examples show that, regardless of the sector, any outsourcing of content delivery and data processing to non-European infrastructure increases the risk of non-European authorities accessing your data – even if the servers are located in the EU. Countries with weak legal protection could analyze your data in order to monitor, discriminate against, or politically persecute you.

    Financial Data

    Insurance Data

    Health Data

    Citizen Data

  • Insurance data

    Your insurance data

    If your insurance company operates its customer portal with a non-European provider, contract and claims data may end up outside Europe. This may be relatively harmless in the case of car insurance. However, in the case of health or life insurance, far-reaching conclusions about your health, lifestyle, and financial circumstances are possible.

  • Health data

    Your health data

    If your local healthcare facility uses a patient portal or appointment scheduling tool from a non-European service provider, authorities outside the EU could gain access to your patient data, medical findings, lab results, or medication plans. According to the GDPR, health data is particularly sensitive because it allows direct conclusions to be drawn about your physical and mental state, your social environment, and your overall lifestyle. If such intimate information becomes known, there is a risk of discrimination, disadvantage in working life, or even state repression.

  • Citizen data

    Your citizen data

    Does your city administration use a non-European CDN to deliver its websites efficiently? If so, your personal data from the citizen portal or population register, such as your name, postal address, or religious affiliation, may be subject to access rights by non-European authorities without GDPR-compliant control. Each individual data point is less problematic on its own, but when combined, entire profiles can be created that allow far-reaching conclusions to be drawn about you as a person.

Why is this important?

Many banks, insurance companies, healthcare institutions, and even public authorities purchase IT services from international providers, including many companies based in the US. As soon as your data is processed by a US service provider, US surveillance authorities can access it – even if the data is stored in a European data center! Do you want your data to be shared with US authorities?

Laws with far-reaching consequences for your data

CLOUD Act

Regulates the disclosure of electronic data by US companies for law enforcement purposes, even if the data is stored outside the US. This applies to all providers headquartered in the US.

FISA 702

Allows US intelligence agencies to access data belonging to non-US citizens held by US service providers, even if the data is located within the EU – and on a massive scale, without a court order.

PATRIOT Act

Originally enacted to combat terrorism after 9/11, the PATRIOT Act allows US authorities to collect telephone and internet data on a massive scale and access business data.

Digital sovereignty in cybersecurity

Act now!

 

Have you discovered through our website check that your bank, insurance company, or city administration uses non-European service providers? Then demand effective data protection and GDPR-compliant solutions – or use the link-sharing function and the hashtag #notsafe to draw attention to shortcomings and set an example for digital self-determination!

© Myra Security GmbH 2025, all rights reserved

Made in Germany.

Responsible DisclosureLegal noticePrivacy policyPrivacy SettingsTerms and Conditions